Menu
Is it possible to temporarily disable the XSS protection found in modern browsers for testing purposes?
I'm trying to explain to a co-worker what happens when one sends this to an XSS-vulnerable web form:
<script>alert("Danger");</script> However, it appears that both Chrome and Firefox are preventing the XSS popup. Can I disable this protection so I can fully see the results of my actions?
472
On July 15, Google announced that the XSS Auditor module that protects Chrome users against Cross-site Scripting attacks is to be abandoned. It was found to be easy to bypass, inefficient, and causing too many false positives.
In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures: Filter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input. Encode data on output.
Cross-site scripting (XSS) is a computer security vulnerability that allows malicious attackers to inject client-side script into web pages viewed by other users. You can use the Cross-site Scripting Filter setting to check all HTTP GET requests sent to IBM® OpenPages® with Watson™.
In Chrome there is a flag with which you can start the browser. If you start the browser with this flag, you can do what you want:
--disable-web-security If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
